COPPA: What happens when a generation ignores a law?

Update, Sept. 21: This post has been edited since it first appeared.

The United States Federal Trade Commission is seeking public comment on amendments to its rule implementing the Children’s Online Privacy Protection Act [COPPA]. While, as a website publisher and a parent, I’d love to see some changes to COPPA, the FTC’s proposals don’t come close to level of reform this law needs.

If you’re not connected with the legal side of your news website, here’s a reminder about what COPPA is, from the FTC:

The Children’s Online Privacy Protection Act (COPPA) requires that operators of websites or online services directed to children under 13, or those that have actual knowledge that they are collecting personal information from children under 13, obtain verifiable consent from parents before collecting, using, or disclosing such information from children. The FTC’s Rule implementing the COPPA statute became effective in 2000.

Under FTC’s current rules for COPPA, website publishers must get offline consent from a parent before collecting any personal identification information from a visitor under age 13. Getting offline consent, such as a written or faxed letter, then merging it with an online record, has proven to be such a hassle that most websites now simple bar registration to anyone under age 13. That’s been the policy at my websites ever since COPPA went into effect, and it’s the policy at major social media sites such as Facebook.

The proposed amendments to the FTC’s COPPA rule are intended to make obtaining parental consent easier. But some of the FTC’s proposed “solutions” – including a live videoconference with a parent – won’t convince any website publishers to open registration to preteens. Like the old requirements, they’re just too labor-intensive for the highly automated world of online publishing.

As a parent, I understand the intention behind COPPA. Many parents don’t want their kids wandering the Internet unsupervised. But by effectively closing the social Web to preteens, COPPA has had the unintended consequence instead of simply encouraging kids to break the rules of the websites and services they wish to use – and by extension flouting the law’s purpose.

Back in 1998, when COPPA was passed by Congress, online communication wasn’t an essential part of daily life for most people. Over the past 13 years, though, we’ve raised a digital generation. Text messaging, apps and Facebook chatting have supplanted passed notes and phone calls as the preferred means of communication for millions of young people. I can’t remember the last time my teen daughter used her cell phone to make an actual call. (She’s had the phone for over a year and has yet to set up voicemail. I don’t think she even knows she could do that.) My son loves making movies, and talked me into creating a YouTube channel and Facebook fan page on my accounts so he could share his videos, to get around the fact that he couldn’t do so legally himself. Most kids wouldn’t bother with that step. They’d just pretend to be over 13 and set up the accounts themselves – leaving them without the data-tracking protections that COPPA’s designed to provide kids of their age.

Digital communication doesn’t just happen at age 13. Kids are itching to connect online as soon as they get their hands on a connected device. And with tablets such as the iPad enabling toddlers to function online, COPPA’s age limit is a full decade too late for some kids.

And that is helping to make COPPA the most-violated law since the speed limit and the drinking age.

FTC can change its rules as it wants. But if COPPA continues to encourage publishers to close digital connectivity to preteens, today’s digital generation will continue to lie about their ages to get around that legal roadblock. And that digital generation’s first lesson in digital literacy will continue to be: To connect with the world around you, you first must break the rules and flout the law.

That bothers me, not just as a parent, but as a citizen. Keeping laws on the books that the majority of people routinely violate (or laws that are rarely or inconsistently enforced) robs the law – as an institution – of its credibility. I don’t believe that we collectively should make a policy that encourages our children to break rules and ignore the law in order to participate fully in their society. If we want to protect preteens’ identity online – and I believe that we should – our laws should focus on that, instead of creating parental consent procedures so burdensome that they force publishers into the impossible task of trying to keep kids offline.

We might want to pretend that we can control children, but the fact remains that kids are their own beings. Short of requiring retina scans to log online (oh, heavens, I shouldn’t even suggest that in jest), we can’t firewall preteens from the Internet. So let’s quit pretending that we can, or even, should.

The FTC can’t fix COPPA on its own. We need Congress to step in and revise the law. Perhaps we should prohibit publishers and developers from referencing minors with their real names. Or, even better, we could prohibit direct unsolicited marketing to any minor, too – building on COPPA’s data protection and anti-tracking measures. But I’d rather see the FTC start a discussion on a new effort to help kids engage online in a positive manner than limiting the discussion to patching this broken aspect of COPPA.

About Robert Niles

Robert Niles is the former editor of OJR, and no longer associated with the site. You may find him now at


  1. says:

    COPPA has been a huge success, protecting the privacy of children under 13. Kids are the only group in the U.S. who have legal safeguards to prevent the digital data tracking, profiling and online targeting that occurs online today. COPPA works. The kind of digital data collection that a user routinely faces online, involving their financial, health, racial and social behaviors, doesn’t happen in the children’s market because there is a privacy law. Once you turn 13 in the US, you are fair game for data collection. COPPA was designed to also be a safeguard against kids being unfairly targeted comnmercially. If you want to see what happens to teens because they don’t have a privacy law, see my site on teen junk food digital targeting at

    As the person who co-led the campaign to have Congress pass COPPA–and is leading the effort to have the FTC to ensure it covers mobile and other tracking devices–I would hope that the author would do a better job placing in the issue in context.

    Jeff Chester, Center for Digital Democracy

  2. Hey, I’m all for the data tracking and solicitation restrictions in COPPA – that’s why I focused my criticisms to particular elements of the law.

    But it cannot be denied that COPPA also has taught a generation of Americans that the way to connect with people online is to lie and break rules. If you don’t see a problem with that, then you’re willing to lose a war to win a skirmish.